Wireless networks have experienced increased development in the past decade. One of the most rapidly developing areas is mobile ad-hoc networks, or MANETs for short. Physically, a mobile ad-hoc network includes a number of geographically-distributed, potentially mobile nodes sharing a common radio channel. Compared with other types of networks, such as cellular networks or satellite networks, the most distinctive feature of mobile ad-hoc networks is the lack of any fixed infrastructure. The network may be formed of mobile nodes only, and a network is created “on the fly” as the nodes come close enough to transmit with each other. The network does not depend on a particular node and dynamically adjusts as some nodes join or others leave the network.
Because of these unique characteristics, routing protocols for governing data flow within ad-hoc networks are required which can adapt to frequent topology changes. Two basic categories of ad-hoc routing protocols have emerged in recent years, namely reactive or “on-demand” protocols, and proactive or table-driven protocols. Reactive protocols collect routing information when a particular route is required to a destination in response to a route request. Examples of reactive protocols include ad-hoc on demand distance vector (AODV) routing, dynamic source routing (DSR), and the temporally ordered routing algorithm (TORA).
On the other hand, proactive routing protocols attempt to maintain consistent, up-to-date routing information from each node to every other node in the network. Such protocols typically require each node to maintain one or more tables to store routing information, and they respond to changes in network topology by propagating updates throughout the network to maintain a consistent view of the network. Examples of such proactive routing protocols include destination-sequenced distance-vector (DSDV) routing, which is disclosed in U.S. Pat. No. 5,412,654 to Perkins; the wireless routing protocol (WRP); and clusterhead gateway switch routing (CGSR). A hybrid protocol which uses both proactive and reactive approaches is the zone routing protocol (ZRP), which is disclosed in U.S. Pat. No. 6,304,556 to Haas.
One challenge to the advancement of ad-hoc network development is that of security. More particularly, since nodes in a mobile ad-hoc network all communicate wirelessly, there is a much greater risk of intrusion by unauthorized users. Because of the early stage of development of ad-hoc networks and the numerous other challenges these networks present, the above routing protocols have heretofore primarily focused solely on the mechanics of data routing and not on intrusion detection.
Some approaches are now being developed for providing intrusion detection in mobile ad-hoc networks. One such approach is outlined in an article by Zhang et al. entitled “Intrusion Detection in Wireless Ad-Hoc Networks,” ACM MOBICOM, 2000. In this article, an intrusion detection architecture is proposed in which every node in the MANET participates in intrusion detection and response. That is, each node is responsible for detecting signs of intrusion locally and independently, but neighboring nodes can collaboratively investigate in a broader range. Moreover, intrusion detection is based upon anomaly detections, such as the detection of abnormal updates to routing tables or anomalies in certain network layers, such as with media access control (MAC) layer protocols. Another similar MANET intrusion detection architecture is disclosed in “Security in Ad Hoc Networks: a General Intrusion Detection Architecture Enhancing Trust Based Approaches,” by Albers et al., in Proceedings of the International First Workshop on Wireless Information Systems (Wis-2002), April 2002.
While the architectures discussed in the above articles may provide a convenient starting point for implementing intrusion detection, much of the details regarding the implementation of intrusion detection in MANETs have yet to be determined. That is, the particular types of node characteristics which can reliably indicate whether a node is a rouge node attempting to intrude upon the network still remain largely undefined.